Hello! I'm about to convert my apps to play well with recently introduced autoescaping but I have to confess that I don't get mark_safe, is_safe and needs_autoescaping.
First, I don't get why .is_safe attribute is needed at all. If my filter returns any HTML I should escape it and mark_safe the result, no? Then, looking at default filters I see that .is_safe is set to False for all filters returning non-string values. Though these values are pretty safe for HTML when they would be converted into strings in the end. And 'needs_autoescape' escapes me absolutely... If I'm dealing with user content and HTML why, again, can't I escape it inside my filter's code and mark_safe it? ---- Anyway... Malcolm (as the main implementer), sorry, but the docs are written in Linux how-to style: "make these magic passes and hope for the best and don't try to understand the thing since you never will". Could you please clarify why are those things needed and what exact effect they are intended to cause? For example. I'm writing a filter that gets a string and wraps it's first letter in a <b>...</b>. I'm going to split the first letter, conditional_escape the letter and the rest, wrap a letter in <b>...</b>, concatenate and mark_safe. Now, should I stick .is_safe? Because yes, I think it will return safe output given a safe string. What will break if I didn't (my experiments so far show that nothing breaks). Should I also ask for autoescape parameter and how am I supposed to use it? Ok, this was a bit messy but I honestly thought it should be easier :-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
